GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
794 advisories
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited,...
Critical, Unreviewed. CVE-2021-38685 was published Nov 27, 2021.

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It...
Critical, Unreviewed. CVE-2020-7879 was published Dec 1, 2021.

# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and ...
Critical, Unreviewed. CVE-2021-3727 was published Dec 1, 2021.

# Vulnerability in `title` function **Description**: the `title` function defined in `lib...
Critical, Unreviewed. CVE-2021-3726 was published Dec 1, 2021.

# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**:...
Critical, Unreviewed. CVE-2021-3769 was published Dec 1, 2021.

A command execution vulnerability exists in the wifi_country_code_update functionality of the...
Critical, Unreviewed. CVE-2021-21954 was published Dec 10, 2021.

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate...
Critical, Unreviewed. CVE-2021-21888 was published Dec 23, 2021.

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality...
Critical, Unreviewed. CVE-2021-21883 was published Dec 23, 2021.

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of...
Critical, Unreviewed. CVE-2021-21884 was published Dec 23, 2021.

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner...
Critical, Unreviewed. CVE-2021-21881 was published Dec 23, 2021.

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An...
Critical, Unreviewed. CVE-2021-21877 was published Dec 23, 2021.

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An...
Critical, Unreviewed. CVE-2021-21876 was published Dec 23, 2021.

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd...
Critical, Unreviewed. CVE-2021-21874 was published Dec 23, 2021.

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd...
Critical, Unreviewed. CVE-2021-21875 was published Dec 23, 2021.

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute...
Critical, Unreviewed. CVE-2021-21872 was published Dec 23, 2021.

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd...
Critical, Unreviewed. CVE-2021-21873 was published Dec 23, 2021.

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping...
Critical, Unreviewed. CVE-2021-44453 was published Dec 24, 2021.

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which...
Critical, Unreviewed. CVE-2021-43984 was published Dec 24, 2021.

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an...
Critical, Unreviewed. CVE-2021-43981 was published Dec 24, 2021.

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which...
Critical, Unreviewed. CVE-2021-23198 was published Dec 24, 2021.

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified,...
Critical, Unreviewed. CVE-2021-22657 was published Dec 24, 2021.

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability...
Critical, Unreviewed. CVE-2021-33962 was published Jan 15, 2022.

An OS command injection vulnerability exists in the device network settings functionality of...
Critical, Unreviewed. CVE-2021-40409 was published Jan 29, 2022.

An OS command injection vulnerability exists in the device network settings functionality of...
Critical, Unreviewed. CVE-2021-40408 was published Jan 29, 2022.

An OS command injection vulnerability exists in the device network settings functionality of...
Critical, Unreviewed. CVE-2021-40407 was published Jan 29, 2022.
ProTip! Advisories are also available from the GraphQL API.